Question
Are the InfoSec endpoints in scope to be reported on as part of the metrics data in the Get Metrics API? If they are, should all InfoSec endpoints be considered part of the High Priority tier?
Finally, should Status information for the InfoSec Endpoints be included in the Get Status API?
Answer
Yes, InfoSec endpoints are covered under performance tiers and fall into High Priority. This was clarified in Version 1.5.0 of the Consumer Data Standards; refer to the change log: https://consumerdatastandardsaustralia.github.io/standards/includes/releasenotes/releasenotes.1.5.0.html#high-level-standards
The InfoSec endpoints are also covered by status reporting. If the InfoSec endpoints are down, this would impact the CDR solution, so it would result in a PARTIAL_FAILURE.
See:
- Consumer Data Standards Non-functional Requirements: https://consumerdatastandardsaustralia.github.io/standards-staging/#performance-requirements
- Related GitHub issue: https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/299
Update
Included Questions and Answers from comment section
Question
Can we assume that, for every item in ResponseMetricsListV2 where "highPriority" is explicitly stated, InfoSec endpoints are included in that metric?
What about metrics that do not specify any priority? For example, for the Average TPS metrics (https://consumerdatastandardsaustralia.github.io/standards/#tocSaveragetpsmetrics), do Data Holders assume they apply to all endpoints exposed?
Answer
Yes, reporting on performance should be done so that InfoSec end points are included in the highPriority tier.
For average TPS and peak TPS, these fields are not separated by tier or by authentication model so it is expected that it would include all CDR traffic.
Question
Could you confirm that all CDR traffic (i.e. including InfoSec endpoints) would be expected in the GetMetrics response for all properties?
In some of the NFR definitions/properties the InfoSec metrics are called out, in others it leaves it up to authenticated and unauthenticated, and in a few there is no classification at all.
Answer
Yes, the stats for InfoSec end points should be included.
For the NFRs that make no distinction between categories (e.g. availability, performance, averageTps, etc) the data for all end points should be aggregated.
For the NFRs split between authenticated and unauthenticated (e.g. rejections) the InfoSec end points would be considered authenticated (because they are - at least via client authentication).
For the NFRs split to specific tiers (e.g. invocations, averageResponse) the end points are all specified into a particular tier.
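The classification rules from the answers above, applied to per-request records, as an added sketch that is not part of the original article or of the Consumer Data Standards. The record layout, function names, sample values and the non-highPriority tier labels are assumptions made for illustration; the property names `highPriority`, `invocations`, `averageResponse`, `rejections`, `averageTps` and the status `PARTIAL_FAILURE` are the ones named above.

```python
from collections import defaultdict

# Constructed sample records, one per request (not real traffic).
# "infosec" marks a call to an InfoSec endpoint; "tier" and "authenticated"
# are only meaningful for resource endpoints.
SAMPLE = [
    {"infosec": True,  "tier": None, "authenticated": None, "seconds": 0.5, "rejected": False},
    {"infosec": True,  "tier": None, "authenticated": None, "seconds": 0.5, "rejected": True},
    {"infosec": False, "tier": "highPriority", "authenticated": True, "seconds": 2.0, "rejected": False},
    {"infosec": False, "tier": "lowPriority", "authenticated": True, "seconds": 1.5, "rejected": False},
    {"infosec": False, "tier": "unauthenticated", "authenticated": False, "seconds": 0.25, "rejected": True},
]

def tier_of(rec):
    """InfoSec endpoints are reported in the highPriority tier."""
    return "highPriority" if rec["infosec"] else rec["tier"]

def auth_bucket(rec):
    """InfoSec endpoints count as authenticated (client authentication)."""
    if rec["infosec"] or rec["authenticated"]:
        return "authenticated"
    return "unauthenticated"

def build_metrics(records, window_seconds):
    invocations = defaultdict(int)
    total_time = defaultdict(float)
    rejections = {"authenticated": 0, "unauthenticated": 0}
    for rec in records:
        tier = tier_of(rec)
        # Assumption for this sketch: a rejected call still counts as an invocation.
        invocations[tier] += 1
        total_time[tier] += rec["seconds"]
        if rec["rejected"]:
            rejections[auth_bucket(rec)] += 1
    return {
        "invocations": dict(invocations),
        "averageResponse": {t: total_time[t] / n for t, n in invocations.items()},
        "rejections": rejections,
        # Not split by tier or authentication model: all CDR traffic is aggregated.
        "averageTps": len(records) / window_seconds,
    }

def status_for(infosec_up):
    """Assumes resource endpoints are healthy; an InfoSec outage alone
    degrades the reported status to PARTIAL_FAILURE."""
    return "OK" if infosec_up else "PARTIAL_FAILURE"
```
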
Comments
Hello, using the information above, can we assume that for every item in ResponseMetricsListV2 (https://consumerdatastandardsaustralia.github.io/standards/#tocSresponsemetricslistv2), when it is explicitly stated "highPriority", InfoSec endpoints are included in that metric?
How about the metrics that do not specify any priority? For example, Average TPS metrics (https://consumerdatastandardsaustralia.github.io/standards/#tocSaveragetpsmetrics): do we assume they apply to all endpoints the DH exposes?
Hi Ece,
Yes, reporting on performance should be done so that InfoSec end points are included in the highPriority tier.
For average TPS and peak TPS, these fields are not separated by tier or by authentication model so it is expected that it would include all CDR traffic.
- James
G'day James, thanks for the clarification.
To be explicit, could you confirm that all CDR traffic (i.e. including InfoSec endpoints) would be expected in the GetMetrics response for all properties? See: https://consumerdatastandardsaustralia.github.io/standards/#tocSresponsemetricslistv2
In some of the NFR definitions/properties the InfoSec metrics are called out, in others it leaves it up to authenticated and unauthenticated, and in a few there is no classification at all. It would be great if you could specify for which endpoints the metrics are to be provided.
Cheers in advance
JB
Hi Jordan,
Yes, the stats for InfoSec end points should be included.
For the NFRs that make no distinction between categories (e.g. availability, performance, averageTps, etc) the data for all end points should be aggregated.
For the NFRs split between authenticated and unauthenticated (e.g. rejections) the InfoSec end points would be considered authenticated (because they are - at least via client authentication).
For the NFRs split to specific tiers (e.g. invocations, averageResponse) the end points are all specified into a particular tier.
- James